k8s入门-1 在Ubuntu安装步骤

为了测试华为的KubeEdge,需要搭建K8s环境。

环境:

Ubuntu20.04

Docker版本

 

 

(一)安装步骤
参考:https://zhuanlan.zhihu.com/p/138554103

1,确保禁止掉swap分区

sudo swapoff -a

#修改/etc/fstab,注释掉swap那行,持久化生效
sudo vi /etc/fstab

2,确保时区和时间正确

sudo timedatectl set-timezone Asia/Shanghai

#修改后,如果想使得系统日志的时间戳也立即生效,则:
sudo systemctl restart rsyslog 

3、确保不休眠

sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

4、设置iptables可以看到bridged traffic  

先确认Linux内核加载了br_netfilter模块:

lsmod | grep br_netfilter

确保sysctl配置中net.bridge.bridge-nf-call-iptables的值设置为了1。

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sudo sysctl --system

5、设置rp_filter的值

#修改/etc/sysctl.d/10-network-security.conf
sudo vi /etc/sysctl.d/10-network-security.conf

#将下面两个参数的值从2修改为1
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

#然后使之生效
sudo sysctl --system

  

6、开始安装K8s master

1,安装kubeadm kubeadm kubectl

sudo apt-get update && sudo apt-get install -y ca-certificates curl software-properties-common apt-transport-https curl
 curl -s https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | sudo apt-key add -

sudo tee /etc/apt/sources.list.d/kubernetes.list <<EOF 
deb https://mirrors.aliyun.com/kubernetes/apt/ kubernetes-xenial main
EOF

sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

  

2、初始化,这里问题很多,请参考(二)

sudo kubeadm init --pod-network-cidr 172.16.0.0/16 \
    --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers

  

 3、安装calico插件

下载calico的k8s yaml文件,修改里面的CALICO_IPV4POOL_CIDR的值来避免和宿主机所在的局域网段冲突(gemfield就是把原始的192.168.0.0/16 修改成了172.16.0.0/16):

#下载 https://docs.projectcalico.org/v3.19/manifests/calico.yaml
#修改CALICO_IPV4POOL_CIDR,然后
kubectl apply -f calico.yaml

如果提示安装失败,去https://docs.projectcalico.org/releases 下载最新版,安装,不然不会Ready.

查看状态

kubectl get pods -n kube-system -o widekubectl get pods -n kube-system -o wide

这是从新apply的初始化过程状态

(二)问题处理

1、isn't running or healthy

[wait-control-plane] Waiting for the kubelet to boot up the control plane as static Pods from directory "/etc/kubernetes/manifests". This can take up to 4m0s
[kubelet-check] Initial timeout of 40s passed.
[kubelet-check] It seems like the kubelet isn't running or healthy.
[kubelet-check] The HTTP call equal to 'curl -sSL http://localhost:10248/healthz' failed with error: Get "http://localhost:10248/healthz": dial tcp 127.0.0.1:10248: connect: connection refused.

解决办法:

1.1、关闭Swap

1.2、做如下处理

I faced similar issue recently. The problem was cgroup driver. Kubernetes cgroup driver was set to systems but docker was set to systemd. So I created '/etc/docker/daemon.json' and added below:

{
"exec-opts": ["native.cgroupdriver=systemd"]
}
Then

 systemctl daemon-reload
 systemctl restart docker
 systemctl restart kubelet
Run kubeadm init or kubeadm join again.

  

2、无法下载coredns处理

docker pull coredns/coredns
kubeadm config images list --config new.yaml
docker images
docker tag coredns/coredns:latest registry.cn-hangzhou.aliyuncs.com/google_containers/coredns/coredns:v1.8.4
docker rmi coredns/coredns:latest

 

3、The connection to the server localhost:8080 was refused - did you specify the right host or port?

echo "export KUBECONFIG=/etc/kubernetes/admin.conf" >> /etc/profile
source /etc/profile

 

4、Node节点:Config not found: /etc/kubernetes/admin.conf

mv /etc/kubernetes/kubelet.conf /etc/kubernetes/admin.conf

 

5、节点虚拟机提示nodename exist

error execution phase kubelet-start: a Node with name "zgj" and status "Ready" already exists in the cluster. You must delete the existing Node or change the name of this new joining Node

hostnamectl set-hostname zgj1 

因为直接复制的虚拟机,所以名字重复,这样从新加入即可。

6、reset从新安装后

 Get "https://xx.xx.xx.xx:6443/version?timeout=32s": x509: certificate signed by unknown authority

mkdir -p $HOME/.kube   
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config   
sudo chown $(id -u):$(id -g) $HOME/.kube/config

(三)复制一个虚拟机,然后重命名hostname,先kubeadm reset,然后执行kubeadm最后生成的join语句。

kubeadm join 192.168.3.67:6443 --token xxxx.xxxxxxxxx\
	--discovery-token-ca-cert-hash sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxx 

 

 

 

 加入Node后的样子

 

 

 应该基本上成功了。

 

  

posted @ 2021-08-15 00:40  zhaogaojian  阅读(494)  评论(0编辑  收藏  举报